Restrict form submission to files from my site only

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jack_wayne
Forum Newbie
Posts: 2
Joined: Fri May 24, 2002 3:18 am

Restrict form submission to files from my site only

Post by jack_wayne »

I am looking to "SECURELY" restrict form submissions to my site. ie I don't want someone to have the file on their machine and submit the form to my site.

Thanks
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Post by Benjamin »

You could use some code to check the refering url to make sure that it's approved. Not sure what the exact statement is to do that, but it shouldn't be to hard to find.

<?

//some code here which gets the refering url and puts it into the variable $referingurl

$approvedurl = "http://www.postfromonlyhere.com";
if ($referingurl !$approvedurl)
{
echo "To hell with your submission";
}
else
{
echo "Thank you for your submission";
echo "You can put more code here";
}
?>

You would also want to make $approvedurl a constant in the case that global variables are turned on. That way someone could not type in,

http://www.immahackyouputz.com/index.ph ... youlol.com

And change the variable like that. Not that they would know what that variable name was anyway, but hey it could happen.
jack_wayne
Forum Newbie
Posts: 2
Joined: Fri May 24, 2002 3:18 am

Post by jack_wayne »

Unfortunately the $_SERVER{REQUEST_URI} only offers the relative path, There seems to be nothing within the server generated environment variables to specify the complete URL.
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

you may use the same approach as supposed in A php frames solution?

here is a tutorial how to prevent hot linking with .htaccess
Post Reply